Free Malware Removal Forum


Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older, more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 21.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware

Select the Update tab

Click Check for Updates

After the update has been completed, select the Scanner tab.

Select Perform Quick scan, then click on Scan

When done, you will be prompted. Click OK. If items are found, then click on Show Results

Check all items then click on Remove Selected

After it has removed the items, Notepad will open. Please post this log in your next reply.

Concerning the MBR dump you attached, it would help us greatly to know the exact Make, model and type of computer you have, and in which country it was purchased - thank you.

mrt.exe is the MS Malicious Software Removal Tool. We'll disable TeaTimer for the time being as it can interfere with fixes.

Registry Cleaners

Re. TweakNow RegCleaner

I don't personally recommend the use of ANY registry cleaners. Here is an excerpt from a discussion on reg cleaners:

Most reg cleaners aren't bad as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.

Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)

If you have versions 1.5 or 1.6, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install. All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

Select the option YES, I accept the Terms of Use then click on:

When prompted, allow the Add-On/ActiveX to install.

Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.

Now click on Advanced Settings and select the following:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Now click on:

The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.

When completed the Online Scan will begin automatically.

Do not touch either the mouse or keyboard during the scan, otherwise it may stall.

When completed, make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.

Now click on: (Selecting Uninstall application on close if you so wish)

Re-enable your anti-virus software.

Please post back with the information about your computer, the ESET log, a fresh HijackThis log (Do a system scan and save a log file) and a description of how the computer is running now.

Return to OTM, right-click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

Push the large button.

OTM may ask to reboot the machine. Please do so if asked.

Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Your log now appears to be clean. Congratulations! This is my general post for when your logs show no more signs of malware - Please let me know if you are still having problems with your computer and what these problems are. If not, follow the instructions below.

DeFogger Re-enable

To re-enable your Emulation drivers, double-click DeFogger to run the tool.

The application window will appear

Click the Re-enable button to re-enable your CD Emulation drivers

Click Yes to continue

A 'Finished!' message will appear

Click OK

DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

OTM by OldTimer

You should still have this on your desktop.

Double-click OTM.exe

Click the CleanUp! button

Select Yes when the Begin cleanup Process? prompt appears

If you are prompted to Reboot during the cleanup, select Yes

The tool will delete itself once it finishes; if not, delete it yourself

You can also delete RKUnhooker, Preformat.zip & folder, MBRCheck and all their associated log files

Protection Programs

Don't forget to re-enable any protection programs we disabled during your fix.

==========================================================

Your computer was infected with a ROOTKIT. In particular, the TDL3 rootkit, also known as Win32/Alureon. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

Due to its rootkit functionality, it's impossible to tell what may have been done when the system was compromised.

Therefore it may be prudent to:

Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.

General Security and Computer Health

Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below; however, you should follow any steps that you have not already implemented.

Make sure that you keep your antivirus updated

New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Uninstall Tools for Major Antivirus Products

Security Updates for Windows, Internet Explorer & Microsoft Office

Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.

Update Non-Microsoft Programs

Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.

Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

WinPatrol

As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.

Malwarebytes' Anti-Malware

As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. (TIP: Cleaning out temp files can reduce scanning times.) Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start.

Hosts File

For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.

Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.
